package/firewall/files/firewall.config

   1 config defaults
   2         option syn_flood        1
   3         option input            ACCEPT
   4         option output           ACCEPT
   5         option forward          REJECT
   6
   7 config zone
   8         option name             lan
   9         option input    ACCEPT
  10         option output   ACCEPT
  11         option forward  REJECT
  12
  13 config zone
  14         option name             wan
  15         option input    REJECT
  16         option output   ACCEPT
  17         option forward  REJECT
  18         option masq             1
  19
  20 config forwarding
  21         option src      lan
  22         option dest     wan
  23         option mtu_fix  1
  24
  25
  26 ### EXAMPLE CONFIG SECTIONS
  27 # do not allow a specific ip to access wan
  28 #config rule
  29 #       option src              lan
  30 #       option src_ip   192.168.45.2
  31 #       option dest             wan
  32 #       option proto    tcp
  33 #       option target   REJECT
  34
  35 # block a specific mac on wan
  36 #config rule
  37 #       option dest             wan
  38 #       option src_mac  00:11:22:33:44:66
  39 #       option target   REJECT
  40
  41 # block incoming ICMP traffic on a zone
  42 #config rule
  43 #       option src              lan
  44 #       option proto    ICMP
  45 #       option target   DROP
  46
  47 # port redirect port coming in on wan to lan
  48 #config redirect
  49 #       option src                      wan
  50 #       option src_dport        80
  51 #       option dest                     lan
  52 #       option dest_ip          192.168.16.235
  53 #       option dest_port        80
  54 #       option proto            tcp
  55
  56 # include a file with users custom iptables rules
  57 #config include
  58 #       option path /etc/firewall.user
  59
  60
  61 ### FULL CONFIG SECTIONS
  62 #config rule
  63 #       option src              lan
  64 #       option src_ip   192.168.45.2
  65 #       option src_mac  00:11:22:33:44:55
  66 #       option src_port 80
  67 #       option dest             wan
  68 #       option dest_ip  194.25.2.129
  69 #       option dest_port        120
  70 #       option proto    tcp
  71 #       option target   REJECT
  72
  73 #config redirect
  74 #       option src              lan
  75 #       option src_ip   192.168.45.2
  76 #       option src_mac  00:11:22:33:44:55
  77 #       option src_port         1024
  78 #       option src_dport        80
  79 #       option dest_ip  194.25.2.129
  80 #       option dest_port        120
  81 #       option proto    tcp